Title
Create new category
Edit page index title
Edit category
Edit link
OpenShift Considerations
Introduction
This guide explains how to deploy MetaDefender Storage Security (MDSS) on OpenShift using Helm with the required OpenShift-specific configuration.
Prerequisites
- Access to OpenShift cluster with admin privileges
- Helm 3.x installed
occommand-line tool configured- Ability to grant privileged SCC permissions
Deployment Steps
1. Login to OpenShift
oc login --token=<your_token> --server=<cluster_url>2. Create Project
oc new-project mdss3. Create Service Account and Grant Permissions
The MDSS components require privileged access to function properly on OpenShift:
# Create a service account for MDSSoc create sa mdss -n mdss# Grant privileged security context constraints to the service accountoc adm policy add-scc-to-user privileged -z mdss -n mdssImportant: The privileged SCC is necessary because several MDSS components require elevated permissions.
4. Add Helm Repository
helm repo add mdk8s <https://opswat.github.io/metadefender-k8s/> helm repo update mdk8s5. Prepare OpenShift Values File
Create a file named mdss-openshift.yml with the OpenShift-specific configuration:
# Download the OpenShift values file directly from GitHub # Run this command to fetch the file: curl -O <https://raw.githubusercontent.com/OPSWAT/metadefender-k8s/refs/heads/main/helm_charts/mdss-openshift.yml6. Deploy the MDSS Helm Chart
helm install mdss mdk8s/metadefender_storage_security -f mdss-openshift.ymlNote: The OpenShift values file configures the SecurityContext to run as user 0 (root), assigns the mdss service account to pods, and adjusts command arguments for compatibility.
7. Verify Deployment
oc get pods -n mdss oc get services -n mdssWait until all pods are in Running state. This may take a few minutes as containers initialize.
Post-Deployment Configuration
Access MDSS Console
# Create a route to access the MDSS web interface oc expose svc/webclient -n mdss # Get the route URL oc get route webclient -n mdssAccess the web interface using the hostname provided by the route.
Maintenance
Upgrading MDSS
helm repo update mdk8s helm upgrade mdss mdk8s/metadefender_storage_security -f mdss-openshift.ymlUninstalling MDSS
helm uninstall mdss oc delete project mdss
